Connect with us

Hi, what are you looking for?



‘Macronleaks’: Hackers Find Flaw in French Cyber-Fortress

They knew months ago that top-of-the-range hackers had been targeting them. They believe their security measures, too, had been nothing short of top-rate. But, in the end, French presidential candidate Emmanuel Macron’s team got hacked.

They knew months ago that top-of-the-range hackers had been targeting them. They believe their security measures, too, had been nothing short of top-rate. But, in the end, French presidential candidate Emmanuel Macron’s team got hacked.

And on Friday night, just an hour before the end of official campaigning, thousands of documents including emails and accounts belonging to his En Marche! (On the Move!) movement were dumped online.

“It’s just incredible what’s happening,” said Belgian researcher Nicolas Vanderbiest, a specialist on online rumours, whose map showing how the “Macron Leak” propagated on Twitter has Wikileaks at the centre.

Macron’s campaign team says it put in place servers protected by sophisticated software filters, recommended the use of several encrypted messaging and cellphone networks, and required double and triple authentication to access emails.

It says it stored its information in multiple-partitioned cells, with databases separated like fortresses, accessible by passwords that were complex and regularly changed.

But a squad of shadowy hackers seem to have found the back door.

“In this kind of organisation the real potential faultline is the human element,” the head of computer services for En Marche! recently told AFP, requesting anonymity.

Advertisement. Scroll to continue reading.

Because security procedures can become long and cumbersome, some people can be tempted to get around them by using personal email services which are little or badly protected.

– ‘’ –

On April 25, a report by Japanese cyber-security company Trend Micro, blamed a so-called “phishing” attack targetting the Macron campaign on Russian hacking group Pawn Storm, also known as Fancy Bears, Tsar Team and APT28.

The group, suspected of close links to the Russian security services, is also accused of having targetted the Democratic Party during last year’s US presidential election, in which Republican-backed Donald Trump defeated Democrat Hillary Clinton.

In this kind of attack, which does not require sophisticated resources, hackers can open up security gaps in software, for example during an update or through a so-called mirror site.

This would be something like “”, hoping that a user when reading quickly would mistake the “nn” for an “m” and fall into the trap, revealing access codes.

The principle of phishing, a classic arm in the hackers’ arsenal, is to send a large number of fake emails often containing infected attachments, hoping that a distracted recipient will click on one, creating a breach in the targetted system.

The gap is unlikely to show up immediately, and the loophole it generates may be exploited weeks or months later.

The Macron campaign reacted swiftly to Friday night’s data dump, saying it would take all measures necessary to shed light on the “unprecedented” incident.

But it did not seem overly worried by the substance of what had been leaked.

“Throughout the campaign, En Marche! has constantly been the party the most targeted by such attempts, in an intense and repeated fashion,” it said in a lengthy statement.

“The aim of those behind this leak is, all evidence suggests, to hurt the En Marche! party. Clearly, the documents arising from the hacking are all lawful and show the normal functioning of a presidential campaign.”

Senator Bazira Khiari, a national delegate for En Marche!, told AFP Saturday morning: “We were informed last night…  We were just told to change our passwords”.

Written By

AFP 2023

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

SecurityWeek’s Threat Detection and Incident Response Summit brings together security practitioners from around the world to share war stories on breaches, APT attacks and threat intelligence.


Securityweek’s CISO Forum will address issues and challenges that are top of mind for today’s security leaders and what the future looks like as chief defenders of the enterprise.


Expert Insights

Related Content


WASHINGTON - Cyberattacks are the most serious threat facing the United States, even more so than terrorism, according to American defense experts. Almost half...


Websites of German airports, administration bodies and banks were hit by DDoS attacks attributed to Russian hacker group Killnet


The war in Ukraine is the first major conflagration between two technologically advanced powers in the age of cyber. It prompts us to question...

Application Security

Fortinet on Monday issued an emergency patch to cover a severe vulnerability in its FortiOS SSL-VPN product, warning that hackers have already exploited the...


Iranian APT Moses Staff is leaking data stolen from Saudi Arabia government ministries under the recently created Abraham's Ax persona

Application Security

Virtualization technology giant VMware on Tuesday shipped urgent updates to fix a trio of security problems in multiple software products, including a virtual machine...


Russia-linked cyberespionage group APT29 has been observed using embassy-themed lures and the GraphicalNeutrino malware in recent attacks.


ENISA and CERT-EU warn of Chinese threat actors targeting businesses and government organizations in the European Union.